2b, a followup story to your post:
'Palladium' Echoes in New Handheld Security Spec
Mark Hachman
http://www.eweek.com/article2/0,1759,1684441,00.asp
(This is actually part 2)
The TMP initiative creates a "boundary of trust" around some of the central components within the handheld system. The system initially boots from a trusted OS stored on a secure ROM, and through the applications processor that's checked against the Trusted Platform Module, or TPM. Data stored on removable devices such as flash cards must be securely encrypted, and the specification also lists the SIM card, used to identify the phone to the carrier, as a trusted device that can authenticate the user.
Intel has already placed some elements of the TMP within its "Bulverde" wireless applications processor, known as the PXA27X family, Krisa said.
"The level of digital rights management will be implemented on the software level within the middleware, and will procedurally determine what you can pass forward and save on the handset as well," Krisa said, adding that it will be managed by IBM's WebSphere team.
IBM contributed software "expertise," June Namioka, a spokeswoman for IBM's Asia-Pacific headquarters in Tokyo, said in an interview. Intel's Krisa said work focused on some of the higher-end software protocols used by the technology.
One analyst called IBM's involvement significant. "Enterprise wireless apps are more of a concern for the average IT manager than for the average consumer," said Julie Ask, a wireless analyst with Jupitermedia Corp.'s JupiterResearch division. "The risk isn't so much in bringing down my phone, it's hacking into my system or making sure the workers on the factory floor can't talk to one another, which could be disastrous."
However, the initiative currently lacks the support of a number of other key vendors. For his part, Krisa said the 2005 launch date is "highly dependent on other members, middleware ecosystem and OS vendors." A representative from Symbian, a U.K.-based provider of embedded OSes, did not return a call for comment.
Although both the hardware and software specifications were released Wednesday, the software document indicates that it was authored June 23.
Analyst reaction was mixed. "Without having details, I see this '05 thing as questionable," said Neil Strother, senior analyst with In-Stat/MDR in Phoenix. "Even if they move quickly, I'm skeptical."
If you want to build trust in the trust model, "you have to get the banking guys on board," he said.
Cliff Raskind, director of wireless enterprise strategies at Boston-based Strategy Analytics, said his first impression was that the triumvirate didn't have the clout that a trio of Microsoft, Intel and Cisco Systems Inc. might have in trying to establish standards for the Wi-Fi space. Wireless, by contrast, encompasses too many players. "You need buy-in across the board," he said.
On the other hand, the life cycle for phones has shrunk to between six and eight months, forcing handset makers and carriers alike to implement new technology quickly or risk losing market share, analysts said. In a recent executive study, JupiterResearch found that 30 percent of the respondents cited poor device security as their chief barriers to adopting new wireless devices. Thirty-one percent cited poor network security.
"Things do move quickly in the mobile space, and Intel is very serious in growing its communications business and putting in the marketing dollars to do so," JupiterResearch's Ask said.
"When you announce with a carrier, that's good," Ask added. "I'm not sure if it's going to turn into a North American thing, though, versus a Japanese one." Asian carriers are usually on the leading edge of OS and technology advances, she said. Other analysts pointed out that NTT DoCoMo is a major player only in the GSM space, and a European and American carrier would need to sign on.
None of the analysts reached for comment said they had been briefed on the TMP technology, which they found unusual.
Intel's Krisa said the Trusted Computing Group, which oversees the TPM specifications, will have to come up with a derivative designed for mobile handsets to minimize the platform's power consumption.
wildman, fwiw
there is a mobile phone working group sub-committee, headed by Panu Markkanen of Nokia, under the technical committee:
https://www.trustedcomputinggroup.org/downloads/org_docs/TCG_Organization.pdf
Hi zen,
yep, I agree. It was #1.................
oknpv
I think one consideration in Wave's wanting these expiring options exercised is that it doesn't involve an agent so they avoid brokerage fees. The exercising party pays Wave directly.
If they expire, sure Wave may be able to sell additional shares under the shelf, but that would certainly 1) be at a discount, and 2) involve somebody like CorpFin again.
1260
I doubt they'll pull the trigger on the warrant/right/whatever.
These folks are not investors, they're flippers. For them, there's too much risk in plunking down a million dollars for little ole Wave. They're used to selling at the market while simultaneously buying at a discount, thus realizing an immediate and almost riskless profit.
The only way they pull the trigger is if we're way north of a buck by Friday.
24601
My impression is that rights are similar to warrants, except they have a shorter life. Below are the "industry" definitions.
right
A privilege allowing existing shareholders to buy shares of an issue of common stock shortly before it is offered to the public, at a specified and usually discounted price, and usually in proportion to the number of shares already owned. also called subscription right.
warrant
A certificate, usually issued along with a bond or preferred stock, entitling the holder to buy a specific amount of securities at a specific price, usually above the current market price at the time of issuance, for an extended period, anywhere from a few years to forever. In the case that the price of the security rises to above that of the warrant's exercise price, then the investor can buy the security at the warrant's exercise price and resell it for a profit. Otherwise, the warrant will simply expire or remain unused. Warrants are listed on options exchanges and trade independently of the security with which it was issued. also called subscription warrant.
Fujitsu Ships New LifeBook T4000 Tablet PC
Another new one?
(October 27, 2004)
Fujitsu Computer Systems today announced it has begun shipping in volume its second-generation convertible Tablet PC, the LifeBook T4000 Tablet PC. The company's convertible Tablet PC is the ideal solution for field force and sales force automation as well as insurance and government workers because of the capabilities to improve efficiency, productivity and security. Fujitsu also announced today the rollout of a large-scale LifeBook T4000 Tablet PC integration by Shaw Industries.
By simply twisting the screen of the LifeBook T4000 Tablet PC, a user can have the option of either a keyboard or a pen for data input and management. This unsurpassed flexibility positions the LifeBook T4000 Tablet PC as a no compromise mobile computing solution that can be used in a wide variety of work environments with an emphasis on productivity.
"We are expecting these systems to greatly improve customer service and facilitate the exchange of information among our sales force," said Steve Abernathy, director of marketing technology for Shaw Industries. "The convertible LifeBook T4000 Tablet PC is the best built system we've seen. We were impressed by the quality and reliability of the product and the excellent service and support offerings from Fujitsu."
Shaw Industries, the world's largest carpet manufacturer, recently purchased more than 1,100 Fujitsu LifeBook T4000 Tablet PCs for its sales force. Shaw sales representatives will each carry convertible Tablet PCs with them on sales calls, using them as decision support tools to enter in orders, retrieve account history and review product information electronically at the point-of-service.
The integration of a modular bay gives users the flexibility to choose between a Multi-Format DVD Writer, second battery or weight saver option in order to create a mobile computing solution that best suits their individual needs. A new display with up to a 180-degree viewing angle makes this Tablet PC perfect for sharing information, such as presentations and spreadsheets, as well as working in a wide variety of lighting environments.
The LifeBook T4000 Tablet PC is ideal for mobile workers who must rely on their system throughout the entire workday. The system can deliver up to 8.5 hours(2) of battery life -- an entire workday -- with both batteries installed. This extended battery life is ideal for workers who find themselves moving from one location to another throughout the day.
In order to maintain the integrity of accurate customer and company data, Fujitsu has implemented advanced security features on each system to deter unauthorized users and enable secure authentication. The LifeBook T4000 Tablet PC includes a dedicated SmartCard slot and Trusted Platform Module (TPM).
LifeBook T4000 Tablet PC Specifications
Processor: Intel(R) Pentium(R) M 725 or 745 Processor
Display: 12.1" XGA display with active digitizer
Memory: 256 MB minimum; two DIMM slots; 2 GB maximum
Hard Drive(3): 60 GB or 40 GB
Communications: Ethernet and modem (standard); Intel PRO/Wireless 2200BG (802.11b/g)
Card Slots: One Type II card slot, dedicated SmartCard slot, and Secure Digital slot
Battery: Lithium ion; up to 5 hours(2) with main battery; up to 8.5 hours(2) with main battery and second bay battery; bridge battery for warm swapping of primary battery
Ports: Two USB 2.0, Modem (RJ-11), Ethernet (RJ-45), VGA-out, Infrared port (IrDA 1.1-compatible, 4Mbps), headphone, microphone and docking port
Operating System: Microsoft Windows XP Tablet PC Edition
Dimensions/Weight: 11.5" (W) x 9.3" (D) x 1.1-1.4" (H); approximately 4.3 lbs. with weight saver; 4.7 lbs. with media drive installed
The LifeBook T4000 Tablet PC is available through the Fujitsu direct sales force, Web site and channel partners with pricing starting at $2,019(1) for a base configuration. Users can choose from several recommended configurations or they can customize their system using the Fujitsu Configure To Order (CTO) program.
Service and Support
The Fujitsu LifeBook T4000 Tablet PC is backed by a three-year or one-year International Limited Warranty for U.S. and Canadian customers. The International Limited Warranty includes technical support, 24 hours a day, seven days a week(4). In addition, users can add Fujitsu Premium Care Service Plans, which include an on-site service or a screen protection plan.
About Fujitsu Computer Systems Corporation
Headquartered in Sunnyvale, Calif., Fujitsu Computer Systems is a wholly owned subsidiary of Fujitsu Limited (TSE: 6702) committed to the design, development and delivery of advanced computer systems and managed services for the business enterprise. The company offers a complete line of high-performance mobile and desktop computers, scalable and reliable servers as well as managed and professional services. Fujitsu Computer Systems emphasizes leading-edge technology, exceptional product quality, and productivity, as well as outstanding customer service. More information on Fujitsu Computer Systems is available at http://us.fujitsu.com/computers .
About Fujitsu
oknpv, new short numbers
Maybe they are giving it some thought:
Oct. 15, 2004 3,268,643 365,631 8.94
Sep. 15, 2004 3,832,279 170,984 22.41
Aug. 13, 2004 3,872,023 233,352 16.59
CC numbers, thanks lugan
http://www.investorshub.com/boards/read_msg.asp?message_id=4389785
cpa, are you asking questions on the CC again?
awk, yup, saw it
Hopefully the first of many exponential quarterly revenue increases.............
Wave Systems 3Q Losses $3.80M Vs $5.50M>
Wave Systems 3Q Rev $44,000 Vs $80,000 > WAVX
Wave Systems 3Q Losses 5c/Shr Vs 15c> WAVX
Wave Systems Corp. (NASDAQ: WAVX; www.wave.com) today reported
growth in new contract activity and reviewed its results for its third
quarter and nine months ended September 30, 2004.
During the third quarter ended September 30, 2004, Wave completed
license contracts amounting to $340,000, to be recorded as revenue
over future periods. The contracts, which were not reflected in Q3
2004 revenue, are being booked as deferred revenue.
Steven Sprague, Wave's president and CEO, said, "Wave believes the
Trusted Computing marketplace is beginning to engage and that
increased activity is reflected in our Q3 contract activity as well as
the sequential ramp in ETS shipments achieved in the period. Based on
this, we are optimistic about our order activity as we progress
through 2004 into the New Year."
Wave's Q3 2004 net revenue was $44,000, compared to revenue of
$80,000 principally related to development service contracts and
license contracts in the third quarter ended September 30, 2003.
Reflecting ongoing sales, marketing, administrative and R&D expenses,
Wave reported a net loss to common stockholders of $3.8 million, or
$0.05 per basic share, for the third quarter of 2004, compared to a
net loss to common stockholders of $8.3 million, or $0.15 per basic
share, in the third quarter ended September 30, 2003. The year-ago Q3
period included a $1.1 million write-down of inventory and the
accretion of discount as well as preferred dividends paid on preferred
stock amounting to $2.8 million. The weighted average number of basic
shares outstanding in the third quarters of 2004 and 2003, was
69,633,000 and 54,030,000, respectively.
For the nine months ended September 30, 2004, Wave Systems
reported net revenue of $101,000, compared to revenue of $130,000 in
the nine months period ended September 30, 2003. Wave reported a net
loss to common stockholders of $11.5 million, or $0.17 per basic
share, for the first nine months of 2004, compared to a net loss to
common stockholders of $21.0 million, or $0.40 per basic share, in the
first nine months of 2003. The weighted average number of basic shares
outstanding in the first nine months of 2004 and 2003, was 68,117,000
and 52,748,000, respectively.
As of September 30, 2004, Wave had current assets of approximately
$5.1 million and no long-term debt. Wave Systems has a shelf
registration statement in place, which net of an August private
placement, could enable the Company to potentially raise up to $22
million of additional capital in private or public transactions.
Mr. Sprague added, "We believe Wave made important progress in the
third quarter with a revised technology agreement with National
Semiconductor and an agreement for Wave technology to be included with
STMicroelectronics' Trusted Computing security chip solution.
Furthermore, Wave agreed to license its ESIGN digital signing and
storage technology for inclusion in a la mode, inc.'s real estate
industry network offerings. Shipments of Wave's Trusted Computing
technology with mainstream motherboards also showed steady growth from
initial levels.
"Wave believes momentum in such diverse markets as PC OEMs and
their suppliers, real estate and financial services, government, the
military and other enterprises, and our investments in Trusted
Computing over the past few years are now positioning us to take
advantage of this emerging market growth."
Recent Wave Systems developments (for more details, please visit
www.wave.com):
STMicroelectronics - Wave and STMicroelectronics, one of the
world's largest semiconductor vendors, in September announced
licensing its Embassy(R) Security Center and Cryptographic Services
Provider products to ST for use in their TCG 1.2 Solution for trusted
personal computers. The ST19WP18-TPM solution, based on ST's Trusted
Platform Module (TPM), combined with the software stack (BIOS and
Windows(R) drivers, Trusted Computing Group Software Stack, and Wave
EMBASSY(R) Security Center and TCG Cryptographic Service Provider),
delivers an off-the-shelf Trusted Computing Group (TCG)-enabled
security solution for desktop and laptop PCs.
National Semiconductor - Wave concluded a revised agreement in
September to have its technology embedded in National Semiconductor's
Trusted Platform Module products that also include the new trusted
computing integrated solution, the IOKeeper(R) Trusted Platform
Module. As a part of the agreement Wave receives a license fee and a
per unit royalty.
a la mode - In September Wave agreed to license its eSign
Transaction Management Suite to a la mode, inc. and provide related
development services. A la mode will provide Wave's eTMS technology,
which provides a legally-binding and standards-compliant digital
signing capability, to the thousands of real estate professionals -
real estate agents, mortgage brokers and appraisers - that use a la
mode's XSites network. Wave's software will be distributed to the
entire network with the digital signing toolkit and e-signature
included.
Private Placement - In August, Wave completed a $3 million private
placement that included an additional investment right and warrants,
which if exercised would generate approximately $8.7 million of
additional proceeds to Wave.
Key Transfer Manager Enterprise Server AD: In August, Wave
introduced Key Transfer Manager (KTM) Enterprise Server AD, a server
software solution designed to aid in the protection and recovery of
critical enterprise personal computer data. KTM Enterprise Server AD
is designed to address the IT manager's need to control the key
archive and recovery process when implementing an enterprise-wide
security solution using PCs conforming to the TCG standard.
ETS 4.0: In September, Wave launched the next version of its
secure enterprise software, EMBASSY(R) Trust Suite (ETS) 4.0. New or
enhanced features include the ability to set strong security
preferences for authentication and hardened data protection tailored
to business needs. Wave's ETS 4.0 is available in Professional Edition
and Enterprise Edition client packages, or in a client/server package
that includes the EMBASSY Trust Server - Key Transfer Manager
Enterprise Server AD 2.0.
New Distribution Channels: During the third quarter Wave announced
three new distribution partners, including Envoy Data, CSS
Laboratories and SmartAxis SA.
Market Outreach - Wave promoted the Trusted Computing story in a
series of trade show appearances, including the DOIM Conference,
targeting military and national security customers; IBM Partner Summit
2004, targeting IT markets in northern Europe; and the FBI ITEC
conference and the Intel Developer Forum.
In July Wave joined the ARM(R) Connected Community, enabling Wave
to gain access to a full range of resources to help it market
innovative solutions associated with the new ARM TrustZone(TM)
technology that will enable developers to get their ARM Powered(R)
products to market faster.
Todito, a leading Internet portal, ISP and e-commerce site for
North American Spanish-speakers, launched Todito TV Premium, an online
service offering DVD-quality videos that utilizes Wavexpress' platform
and player. In addition, Wavexpress and thePlatform for media, a
leading provider of software for broadcast and broadband rich media
content management, integrated Wavexpress' WX broadband video
technology and thePlatform media publishing system(TM).
It's Out
VH, re: your SCM post
Does anybody know the status of this SCM announcement?
http://www.scmmicro.com/corporate/p_report.html?release=111&year=2001
excerpt........."As the reader technology partner for European financial organizations such as FINREAD and Giesecke & Devrient, SCM is the acknowledged market leader in high-end security smart card readers for sensitive and critical online transactions," said Dennis Sears, vice president, financial services, Wave Systems. "Combining the open programmable architecture of Wave’s EMBASSY® platform with SCM’s hardware platform will enable our Level 5 readers to dynamically meet, on demand, the differing requirements of multiple security network and transaction systems, and allow for the devices to be easily upgraded in the field to meet evolving security standards or to provide new services."
Player1234
Thanks for the correction. I thought all classes expired at the end of the month. Apparently, according to your post, Wave still is incentivized on some level of right/warrant expiration to get some news out.
Here's to a good Q3 CC !!
kevin_s5
dig space
I believe Wave worked hard to be able to get their numbers out early. Why? The company needs additional financing within the next 3 to 5 weeks. According to the terms of the last deal, the purchaser was granted rights to buy stock at $1, and warrants exercisable at $1.15 and $1.30. With the rights and warrants set to expire at month's end, does it not seem likely that Wave could have some very good news to announce? A favorable reaction by the stock could result in an additional $8.7 million dollars to Wave.
What would be the justification for speeding-up the release of bad news?
Trusted platform modules eye embedded
18 Oct 2004
Security in embedded systems is emerging as a critical concern. Handheld appliances that have become ubiquitous are perhaps the most challenging to secure. Because of their small form factors and mobility, the devices are easily lost or stolen. Meanwhile, security solutions for these appliances are highly constrained by their cost, size limitations, use of computing and battery resources.
One of the primary concerns of designers of these appliances is finding ways to dramatically improve security while working within the constraints of cost, size, power and processor limitations. These designers must, along with everything else, recognize the importance of keeping development costs and time-to-market at a minimum.
Trusted platform modules (TPMs), which implement trusted-computing security objectives in a low-power, high-performance hardware/software combination, help designers meet this challenge effectively.
The TPM is a microcontroller based on an industry standard specification issued by the Trusted Computing Group (TCG). The controllers store passwords, digital certificates and encryption keys and provide secure and affordable authentication, encryption and network access for a variety of computing platforms. This hardware-based "root of trust" can be extended to include associated software and enables the accurate measurement of security risk. Once risk can be measured, risk mitigation can be implemented, including appropriate policies, underwriting risk and improving the computing environment.
More specifically, the TPM is a secure key generator and key cache management device that supports industry standard cryptographic APIs. TPM generates, stores and manages cryptographic keys in hardware, leveraging the resources of the rest of the system platform and allowing for cost-effective "hardening" of many applications that previously relied solely on software encryption algorithms with keys hidden in unsecured memory.
In embedded systems that employ only software encryption of data and files, keys are usually stored in unsecured memory. Keys can be stored on a removable token, such as a smart card or USB dongle, which are easy to misplace, and costlier than TPMs. TPMs store encryption keys, including the storage root key, endorsement key and other sensitive data, in non-volatile memory that is protected by the TPM controller and the TPM's tamper-detection circuits.
TPMs manage five major security functions. They perform public-key functions for on-chip key pair generation using a hardware random-number generator (RNG); and manage public-key signature, encryption and decryption to enable secure storage of data and digital secrets. They store hashes (unique numbers calculated from pre-runtime configuration information) that enable verifiable attestation of the machine configuration when booted; and create endorsement keys that can be used to anonymously establish that an identity key was generated in a TPM. And they initialize and manage functions that allow the owner to turn TPM functionality on and off, reset the chip and take ownership of its functions.
A true RNG is used in the creation of RSA key pairs internal to the TPM. The TPM's microprocessor controls the functions and sequencing of the entire TPM, including its internal functional blocks and its interface to the rest of the system resources. It moves data between the system processor and the internal TPM memory and sequences the cryptographic engine. The TPM's RNG generates the seed numbers for the cryptographic processor's encryption, decryption and key generation functions. By offloading the RSA calculation from the general-purpose system processor, TPMs typically can improve both system and encryption performance.
TPMs use hash algorithms to test system software and hardware in their known trusted states. The measurements are then stored in secure non-volatile memory. Subsequent measurements are compared with the stored trusted-state measurements, and any changes will alert the system that the software or hardware has been modified, indicating invasion by viruses or worms.
Security challenges
The distinction between computers and embedded devices is blurring, especially in the emerging handheld multimodal appliances that may have a PDA, a cellphone and a camera all in the same device. Even cameras now have the ability to run software usually thought of as computer applications, such as simple photo-editing programs.
Thus, depending on the type of device, an embedded system may need to provide secure creation, processing and storage of any or all of the following: user identification; network access that allows only authorized devices to connect to a network or service; storage for sensitive information, such as passwords, PINs, keys and certificates; protection from viruses and Trojan horses; protection of hardware from physical and electrical attacks (tamper resistance); privacy and integrity of data communicated to/from other devices or servers in a network; and assurance that content downloaded to or stored in the appliance is used in accordance with the terms set forth by the content provider.
The challenges for designers fall into six general categories:
• Computational overhead for security algorithms—Since TPMs include dedicated low-power, high-performance processors for algorithms and other security functions, the designer is spared the choice of either overloading the main CPU or having to add a separate processor for security functions, with the associated development of code to run it.
• Lack of universally interoperable standards—When compared with proprietary solutions, an industry standard specification, such as that developed by the TCG, which now has more than 70 members across the computing spectrum, helps ensure that vendors can create interoperable devices and can benefit from the experience and intellectual assets of a number of companies.
• Limitations on available power—By some estimates, running security applications on a battery-powered device can decrease battery life by as much as half or more. With the power economies realized by running security functions in hardware rather than in software, TPMs can significantly extend battery life.
• Vulnerability to physical invasion like loss or theft—Some vendors' TPMs use tamper-detection circuits that detect any attempt to break into the module, although this is not required by the TCG specification. For example, voltage, clock frequency and other aspects of the TPM's operating environment can be monitored for signs of tampering. If the environment moves out of a prescribed range, the tamper-prevention circuits will take action to prevent access to sensitive information stored within the TPM.
• Cost and time-to-market considerations—Proprietary security solutions often use pseudo-RNG rather than true RNG, for example, which makes the keys more vulnerable to cracking. Those solutions are often done in software only, which is not only computationally inefficient but also much easier to crack. In addition, if the solution needs to go through a certification process, this adds substantially to cost and slows down time-to-market. Since TPMs are standards-compliant, the savings in time and money over proprietary solutions is substantial.
• Security weaknesses in wireless communications—Mobile appliances often use wireless communication, which means that the physical signal is easily accessible to eavesdroppers and hackers. Wireless security is a challenging problem that must be addressed by most mobile appliances.
Wireless security has been most often based on protocols, typically implemented in software and often not thoroughly tested. In contrast, TPMs provide hardware-based security, implementing algorithms that have undergone extensive testing. By providing an effective way to solve all the general areas of security that challenge embedded-systems designers, TPMs are much more secure and much more affordable than existing software-only solutions. OEMs now can provide affordable, certifiable hardware security in open-system architectures based on industry standards.
- Kevin Schutz
Product Manager, Secure Products
Atmel Corp.
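The measure, store and compare cycle described in the article above, as an added Python example that is not from the article or from Atmel. It assumes the TCG 1.2 extend rule (new register value = SHA-1 of the old value followed by the measurement) and goes beyond the text by replaying an event log against the reported register value; component names and contents are constructed.

```python
import hashlib
import hmac
from typing import NamedTuple

PCR_SIZE = 20  # SHA-1 digest length, the register width in TCG 1.2


def measure(blob: bytes) -> bytes:
    """Hash a component before it runs; the digest is its 'measurement'."""
    return hashlib.sha1(blob).digest()


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """Extend rule: new = SHA1(old || measurement). The register can only be
    extended, never written directly, so earlier measurements cannot be undone."""
    return hashlib.sha1(pcr + measurement).digest()


class Event(NamedTuple):
    name: str
    digest: bytes


def boot(components):
    """Simulate a measured boot. Returns (event_log, final register value)."""
    pcr = bytes(PCR_SIZE)  # register starts at all zeros on reset
    log = []
    for name, blob in components:
        digest = measure(blob)
        log.append(Event(name, digest))
        pcr = extend(pcr, digest)
    return log, pcr


def replay(log):
    """Recompute the register value that a given event log would produce."""
    pcr = bytes(PCR_SIZE)
    for event in log:
        pcr = extend(pcr, event.digest)
    return pcr


def verify(log, reported_pcr, golden):
    """Verifier side. Assumption: reported_pcr arrived in a report whose TPM
    signature was already checked; that step is outside this example."""
    log_matches_pcr = hmac.compare_digest(replay(log), reported_pcr)
    changed = [e.name for e in log if golden.get(e.name) != e.digest]
    logged = {e.name for e in log}
    missing = [name for name in golden if name not in logged]
    return {
        "log_matches_pcr": log_matches_pcr,  # log is consistent with hardware
        "changed": changed,                  # components that differ from golden
        "missing": missing,                  # expected components never measured
        "trusted": log_matches_pcr and not changed and not missing,
    }


# Constructed sample boot chains (not real firmware).
GOOD = [("boot_rom", b"rom v1"), ("bootloader", b"loader v1"),
        ("os_kernel", b"kernel v1")]
TAMPERED = GOOD[:2] + [("os_kernel", b"kernel v1 (modified)")]


def demo():
    golden_log, _ = boot(GOOD)
    golden = {e.name: e.digest for e in golden_log}

    clean = verify(*boot(GOOD), golden)

    bad_log, bad_pcr = boot(TAMPERED)
    tampered = verify(bad_log, bad_pcr, golden)

    # Modified software presents the known-good log, but the register
    # already holds the modified kernel's measurement.
    forged = verify(golden_log, bad_pcr, golden)
    return clean, tampered, forged


if __name__ == "__main__":
    for label, result in zip(("clean", "tampered", "forged log"), demo()):
        print(label, result)
```

The third case is the one software-only checks miss: the honest-looking log no longer reproduces the hardware register, so the verifier rejects it without needing to know which component changed.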
Cisco/Microsoft Security Pact, Promising but Short on Details
21 October 2004
On 18 October 2004, Cisco and Microsoft announced a partnership to make their scan-and-block network security systems interoperable. Cisco and Microsoft will work toward interoperability of Cisco's Network Access Control and Microsoft's Network Access Protection architectures.
Analysis
Gartner believes scan and block is an important security enhancement for enterprise networks. Cisco and Microsoft working together could simplify scan-and-block implementations, thereby improving enterprise protection against worms and other attacks.
It's promising that these industry giants are cooperating, but they need to provide more details. Neither company has announced a time frame or a road map, which is a cause for concern. To convince their customers that they are serious, Cisco and Microsoft need to make implementation details public by 1Q05, or 2Q05 at the latest. These details must include plans for the use of industry-standard protocols to avoid a proprietary approach that locks customers into Cisco hardware or Microsoft software. If Microsoft and Cisco don't move quickly on these issues, customers should look to other vendors for scan-and-block capabilities, such as those proposed by vendors that are part of the Trusted Computing Group's Trusted Network Connect initiative. However, if Cisco and Microsoft demonstrate real development of open, interoperable solutions, their joint customers will benefit significantly in the long term, since their strategic product families will include built-in, interoperable scan-and-block functions.
Recommendations: Before this announcement, Gartner advised implementing scan-and-block technology now and not waiting for Cisco and Microsoft to complete their road maps. This advice still holds. Cisco and Microsoft still have substantial work to do to advance their own scan-and-block solutions. Microsoft will delay Network Access Protection and will ship it as part of Longhorn in 2007. In the meantime, security managers should look to the growing field of vendors that offer independent scan-and-block products, including Sygate, InfoExpress and Check Point Software Technologies.
If you were already moving toward deploying a third-party scan-and-block solution, don't delay. If you are waiting for a Cisco or Microsoft solution, make it clear to those vendors that you require standards-based approaches.
Extending Identity
http://www.computerworld.com/securitytopics/security/story/0,10801,96490,00.html?nas=SEC-96490
Though federated identity management technologies promise improved access to networks and cost savings, issues of trust and interoperability slow adoption.
OCTOBER 11, 2004 (COMPUTERWORLD) - The reduced identity administration costs, improved access to cross-organizational applications and better security promised by federated identity management systems are finally beginning to drive corporate interest, say proponents of the technology.
But organizational trust concerns and nagging interoperability problems continue to pose big challenges.
"Identity federation has been talked about for some time, but it is only now that we are really seeing a number of customers showing interest in it," says Jason Lewis, vice president of product management at RSA Security Inc. in Bedford, Mass.
"The main reason why users are looking at federated ID management is to make it easier to do business online for their customers, business partners and their employees," he says.
Identity federation allows users to present a single set of identity and authentication information to access applications and services across multiple domains and distributed, heterogeneous networks. A federated system allows a user's identity in one domain to be used to gain access to resources in another domain without the need for separate authentication.
Federated identity projects enable single sign-on to cross-organizational resources, while other identity management systems focus on improving internal access to resources.
One company that's implementing cross-domain authentication is insurance provider Nationwide Financial Services Inc., which recently deployed a federated identity system using technology from RSA Security.
The system lets thousands of Nationwide insurance agents and brokers go to a central portal site where they can access the Columbus, Ohio-based company's applications as well as applications hosted on sites belonging to some of its partners.
Previously, Nationwide's agents needed to create separate accounts and passwords with the third parties to access their applications. The partners, in turn, needed to maintain their own lists of usernames and passwords for Nationwide's agents.
With identity federation, the agents have to authenticate themselves only once on the central Nationwide portal and simply click on the appropriate links to access applications on the partner sites.
RSA's Federated ID Manager technology intercepts an agent's request with his log-in information. It generates an encrypted Security Assertion Markup Language (SAML) message containing the user's identity profile and other authentication information that the partner needs in order to let the user access its applications.
The SAML assertion and the browser session are then directed to the partner's site, where another federation server or agent parses the packaged identity information and uses it to grant access to the application the agent wanted.
Such cross-domain identity assertion can yield multiple benefits, says Daniel Blum, an analyst at Burton Group in Midvale, Utah.
"There are many different use cases for federation in the business-to-business, business-to-employee and business-to-consumer [areas]," Blum says. For example, an organization might federate identities to provide employees with access to benefits information, enable better information access to business partners or deliver more integrated services to consumers.
Federation can also improve security. For example, since identity information is centrally administered and managed, it becomes easier for companies to deprovision access to federated resources when an employee leaves a company or is terminated.
Such benefits have convinced a small but growing number of companies to implement federated identity management systems.
Harvard Pilgrim Health Care Inc. is using a federated identity model to present members with claims information from a partner site. The health care organization has deployed technology from Waltham, Mass.-based Netegrity Inc. that allows it to take a member's identity information and assert it on the claims presentation partner's Web site. The ability to deliver such access via a federated portal is a crucial competitive advantage, says Ken Patterson, information security officer at Wellesley, Mass.-based HPHC.
For the U.S. Navy, identity federation is a core enabler in a massive ID management project designed to make it easier for over 800,000 ship- and land-based naval personnel to access thousands of scattered applications using a single sign-on. When complete, the system will allow a sailor or marine to use a single, unique Naval Network Identity to access scores of applications and network services. Previously, users had to maintain dozens of usernames and passwords to access these different resources, says Terry Howell, enterprise services lead at the program executive office for the Navy's Command, Control, Communications, Computers and Intelligence project at the Space and Naval Warfare systems center in San Diego. Cupertino, Calif.-based Oblix Inc. is providing the Navy with the federated SAML authentication technology that is needed to assert identities across domains.
Southwest Airlines Co. has deployed Oblix's NetPoint access control and ID management technology to broker access to Southwest's external business partners. In one example, Southwest is using the SAML-enabled identity management system to vouch for the identity of employees accessing repair manuals that are hosted on The Boeing Co.'s systems.
Slowly Gaining Traction
Though adoption of the federated model is growing, the number of implementations so far is still relatively small, Blum says. "We estimate there's between 200 to 300 deployments of federated identity today," he says. "The greatest interest is in the financial services sector, with significant interest also in manufacturing, government and telecommunications."
Most of the activity has been in large companies that are using identity federation to link networks with subsidiaries, widely dispersed internal business units and partners with whom they have trusted relationships, says Venkat Raghavan, security manager of IBM's Tivoli Software business unit.
Raghavan sees the growing use of mobile technologies and the attempt by wireless providers to deliver more services to handhelds as another driver of identity federation. Being able to use next-generation mobile devices to pay multiple bills or access peer-to-peer applications will require identity federation to play a big role, he says.
Despite the growing interest, there are several formidable challenges that companies need to consider when thinking about deploying federated identity systems, he says.
The biggest by far is trust, Raghavan says. Partners in a federated system are essentially vouching for the identity of their users and their need to have access to services on another network.
Before a federated system can be set up, many issues must be sorted out relating to the roles, privileges and access rights for individuals on partner networks. There also needs to be a high level of assurance around the procedures and policies that federated partners employ for authenticating users and assigning roles to them.
"There is no warm, fuzzy feeling around the validation of an individual whose account you have no control over," says HPHC's Patterson. "We are dealing with the most sensitive medical information. We want to have the highest level of assurance around the identity of our users," he says.
"It is really difficult to trust a network outside of what you control," says the Navy's Howell. "The negative consequences of an [identity-related security breach] could be quite drastic."
As a result, identity federation works best where the business model is built on interaction between different companies and domains, says Rick Caccia, director of product management at Oblix. When legal and trust processes are already in place, cross-domain user authentication becomes easier to accept, Caccia says.
Interoperability is another key issue, since identity federation involves the exchange of security information across different domains and servers. The most widely used standard for doing this today is SAML. Another standard is the Liberty Alliance Project's Identity Federation Framework. Both standards specify the manner in which organizations package and encrypt the identity information they share with one another.
But different versions of the specifications, and the ways in which vendors of federated identity management products have chosen to implement these standards, can create interoperability problems, Blum says.
Organizations that are embarking on identity federation projects also need to figure out a way to bring partners on board, says RSA's Lewis. Unless you make it as easy and cost-effective as possible, there is little incentive for partners -- especially the smaller ones -- to link into a federated identity system, he says.
At the end of the day, federation just makes cross-organizational access easier, Raghavan says. For example, an employee who previously needed to separately log in and authenticate himself on his 401(k) provider's site might no longer need to do so if he's already logged in on his employer's human resources site.
But federated identity doesn't enable new access where none existed before, Raghavan says. Therefore, it becomes crucial to have a clear understanding of the specific cost, access and security value it can deliver, he says.
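The partner-side step of the SAML hand-off described in the article above, as an added Python example that is not RSA's, Nationwide's or any vendor's code. It assumes SAML 2.0 element names and that the assertion has already been decrypted and its XML signature verified; the issuer, audience, subject and ID values are constructed.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"  # assumption: SAML 2.0 names
NS = {"saml": SAML_NS}
CLOCK_SKEW = timedelta(seconds=60)

# Constructed assertion, as the portal's federation server might issue it.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_a1" Version="2.0" IssueInstant="2004-10-11T12:00:00Z">
  <saml:Issuer>https://portal.insurer.example</saml:Issuer>
  <saml:Subject><saml:NameID>agent-1042</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2004-10-11T12:00:00Z"
                   NotOnOrAfter="2004-10-11T12:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://apps.partner.example</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""


class Rejected(Exception):
    """Carries the reason the partner site refuses the assertion."""


def _utc(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def subject_from_assertion(xml_text, trusted_issuers, audience, now, seen_ids):
    # Precondition (assumed, not shown): the signature over this exact
    # <Assertion> element was verified against the issuer's key. Checks must
    # run on the element that was signed, not on a sibling copy.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise Rejected("DTD not allowed")
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        raise Rejected("malformed XML") from None
    if root.tag != "{%s}Assertion" % SAML_NS:
        raise Rejected("not an assertion")

    # Trust: only partners we have an agreement with may vouch for users.
    issuer = root.findtext("saml:Issuer", default="", namespaces=NS).strip()
    if issuer not in trusted_issuers:
        raise Rejected("untrusted issuer")

    # Freshness: a captured assertion must stop working quickly.
    cond = root.find("saml:Conditions", NS)
    try:
        not_before = _utc(cond.get("NotBefore"))
        not_after = _utc(cond.get("NotOnOrAfter"))
    except (AttributeError, TypeError, ValueError):
        raise Rejected("missing or bad validity window") from None
    if not (not_before - CLOCK_SKEW <= now < not_after + CLOCK_SKEW):
        raise Rejected("outside validity window")

    # Audience: an assertion minted for another partner is not valid here.
    path = "saml:AudienceRestriction/saml:Audience"
    audiences = {(a.text or "").strip() for a in cond.iterfind(path, NS)}
    if audience not in audiences:
        raise Rejected("wrong audience")

    # Replay: each assertion ID is accepted once.
    assertion_id = root.get("ID")
    if not assertion_id or assertion_id in seen_ids:
        raise Rejected("replayed or missing ID")

    name_id = root.findtext("saml:Subject/saml:NameID", default="", namespaces=NS).strip()
    if not name_id:
        raise Rejected("no subject")
    seen_ids.add(assertion_id)
    return name_id


def evaluate(xml_text, trusted_issuers, audience, now, seen_ids):
    """Return (True, subject) on acceptance or (False, reason) on rejection."""
    try:
        return True, subject_from_assertion(xml_text, trusted_issuers, audience, now, seen_ids)
    except Rejected as exc:
        return False, str(exc)
```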
awk,
Is this why you're asking?? lol
Re: Oct. 26th...DEVASTATION DAY for
by: cmfconsulting 10/21/04 12:30 pm
Msg: 61459 of 61462
Well count me among the delusional for now then - LOL!!
No way wavx is releasing their results way early like this if it's bad news. Time to ride the wavx baby!!!!
Hi Carl,
great post! you got me on that one! LOL
snackman, they forgot one!
Dow Jones Newswires
10-21-04 0845ET
RSA Security 3Q Net Up On Revenue, Sees Strong 4Q > RSAS
BEDFORD, Mass. (Dow Jones)--RSA Security Inc. (RSAS) posted higher
year-over-year earnings for the third quarter on continued revenue and demand
growth.
The company expects the momentum to continue into the fourth quarter,
resulting in improved earnings for the period.
In a press release Thursday, the Internet-security software maker said
third-quarter net income increased to $8.7 million, or 13 cents a share, from
$3.6 million, or 6 cents, for the same period a year ago.
Analysts surveyed by Thomson First Call forecast net income per share of 12
cents.
Revenue for the third quarter rose 19% to $76.7 million from $64.5 million
in the 2003 third quarter. RSA Security said revenue growth and expense
management enabled it to increase operating margin to 15.2% in the third
quarter from 10.2% in the year-ago quarter.
RSA Security shipped products to more than 5,100 customers in the third
quarter, including 800 new customers. Combined backlog and deferred revenue
rose 24% in the third quarter to $52.5 million from $42.3 million a year ago.
STMicro qrtly highlights (barge, you'll like this)
Products, Technology and Design Wins
-- Nokia and ST expanded their cooperation into the area of Series 60
product creation. ST's Nomadik family of multimedia application
processors for 3G mobile devices has been adapted and optimized to
support the Nokia Series 60 Platform, enabling faster handset
development for Series 60 licensees.
-- ST's Nomadik mobile multimedia platform was designed into a major OEM
for a next-generation multimode 3G mobile phone. ST has also launched a
new version of its award-winning Nomadik application processor and
began sampling the second generation product.
-- Several design wins were achieved for single-chip and dual-chip
Bluetooth products for cellular platforms, handheld, and telematics-
based global positioning systems, which will be used in both the United
States and Asia, including a major design win at a leading Japanese
manufacturer.
-- ST concluded an agreement to form a joint venture with HDIC, a company
of the prestigious Shanghai Jiaotong University, which develops
technologies for digital TV. The joint venture will develop, market,
and sell middleware software for digital TV and set-top boxes (STBs)
for both the Chinese and worldwide markets.
-- ST introduced the most highly integrated single-chip solution yet for
high-definition set-top boxes. The new IC, which will provide more
sophisticated features for consumers and greater security for content
providers, has already been chosen by Oplus Technologies Ltd for a new
reference design for high-definition integrated digital TV sets. In
addition, TCL-Thomson Electronics (TTE) has awarded ST with a design
win for production in 2005 of a digital tuning module for CRT, LCD and
plasma display panel TVs, based on a platform that has been built
around ST's new high-definition MPEG decoder IC.
-- A new power-supply and control IC for the low noise blocks (LNBs) used
in set-top boxes and integrated digital televisions was launched by ST.
ST also published a set of extensions to the DiSEqC (Digital Satellite
Equipment Control) specification - a widely used protocol that allows a
satellite STB to control peripheral devices connected to the coaxial
cable - which will enable the box to manage an LNB based on ST's
SaTCR-1 satellite channel router chip.
-- ST, NDS, and Thomson announced the formation of the SVP Alliance with
the aim of making SVP (Secure Video Processor) a leading, open
specification for secure content protection in digital home networks
and consumer electronic devices.
-- ST became the first semiconductor manufacturer to join the Chinese Open
Platform Initiative, which is developing a new computing platform based
on Linux open-source software. ST will work with Chinese, French, and
other partners to develop low-cost, high-performance hardware/software
platforms for a complete chain of compatible open-source systems, from
servers to mobile terminals and consumer appliances.
-- ST announced a new range of LCD scaler chips that builds on the success
of its widely-used existing families. The new devices have already been
chosen by several LCD monitor makers and by a leading PC manufacturer.
-- ST announced the availability of its complete Trusted Computing Group
(TCG) 1.2 Solution, which delivers an off-the-shelf TCG-enabled
security solution for desktop and laptop PCs.
-- To address the fast-growing security market, ST introduced a new family
of advanced dual-interface (contact and contactless) secure ICs aimed
at the International Civil Aviation Organization (ICAO) program for
electronic passports.
-- ST started to sample key customers with its 90nm NAND Flash technology.
Production has been launched and volume shipments will start in Q4.
This state-of-the-art technology is instrumental in offering
competitive high-density data storage of 1-Gbit and above.
-- ST's single-chip FM/AM tuner (FST) with stereo decoder and audio
processor has been adopted by several leading manufacturers of
communications and broadcasting products for use in new radio tuner
modules. These design wins dramatically increase ST's presence in the
market, especially in the Asia-Pacific region.
-- By utilizing its experience in IC development for AM/FM reception in
car radio applications, ST has developed, and is now sampling, a fully
integrated, low voltage and low power FM tuner IC specifically tailored
for hand-held devices, such as mobile phones, MP3 players and PDAs.
-- ST began shipping samples of its Tintoretto hard-disk drive System-on-
Chip (SoC) with integrated Read/Write channel to a major customer.
-- A two-axis analog accelerometer reached production volume with a
leading manufacturer in a fitness monitoring application, while ST
achieved major design wins for MEMS (Microelectro-Mechanical Systems)
accelerometers in a variety of applications, from laptops to washing
machines. In addition, free-fall-detecting applications are being
tested by major manufacturers worldwide in the areas of cellular
handsets and hard disk drives.
vader, not so ripe, yet
The stock price must move past the exercise price by the expiration date. My hunch is that next Tuesday's release and subsequent CC might just be the catalyst.
Wave Systems also granted the purchaser an additional investment right,
which expires in 90 days, to purchase an additional 3.5 million shares of
Class A common stock at a price of $1.00 per share. The purchaser also was
granted warrants to acquire shares of Wave's Class A common stock at exercise
prices of $1.15 and $1.30 per share.
I think this is good news!
19AM Wave to Host Q3 Webcast/Conference Call Tuesday, October 26th at 4:30 P.M. EDT
LEE, Mass., Oct 21, 2004 (BUSINESS WIRE) -- Wave Systems Corp. (Nasdaq: WAVX)
announced today that on Tuesday, October 26, 2004 at 4:30 P.M. EDT it will host
a webcast/conference call reviewing recent corporate and industry progress as
well as Wave's results for the third quarter ended September 30, 2004. Wave's
results will be issued after the market's close.
WEBCAST/REPLAY: available at http://www.wave.com and archived for
30 days.
TELEPHONE: via 212-271-4560 or 415-537-1970. Please call five
minutes in advance.
About Wave Systems
Consumers and businesses are demanding a computing environment that is more
trusted, private, safe and secure. Wave is the leader in delivering trusted
computing applications and services with advanced products, infrastructure and
solutions across multiple trusted platforms from a variety of vendors. Wave
holds a portfolio of significant fundamental patents in security and e-commerce
applications and employs some of the world's leading security systems architects
and engineers. For more information about Wave, visit http://www.wave.com.
Has anyone listened to this?
I can't get the audio portion
Microsoft Executive Circle Webcast: Security360 with Mike Nash—Information Risk Management
http://msevents.microsoft.com/cui/WebCastEventDetails.aspx?culture=en-US&EventID=1032259708&...
* This event was Recorded on Tuesday, October 19, 2004 *
Recommended Audience: Technology Decision Maker.
Description: Security360 is a monthly webcast series hosted by Mike Nash, Microsoft's senior executive in charge of security. October's show introduces the concepts of security risk management and provides IT professionals and business decision makers a common process to reduce the impact of security threats to their organization. Managing risk in today's complex IT environments requires a combination of technology, policies and process. Employing the methodologies within Information Risk Management can help prioritize these efforts and bridge technical and business needs. As on every Security360, this show includes commentary from industry experts, a checklist of recommendations and resources, a live Q&A session and a progress update on Microsoft security enhancements.
Presenter: Mike Nash, Corporate Vice President Security Business & Technology Unit, Microsoft Corporation
Click the link below to view this On-Demand Webcast
barge, ARM and STMicro
CAMBRIDGE, England, Oct. 20 /PRNewswire-FirstCall/ -- ARM (LSE: ARM);
(Nasdaq: ARMHY), announced today, at the first ARM(R) Developers' Conference
in Santa Clara, Calif., that it has released the latest PrimeXsys(R) Platform
based on the ARM1176JZF-S(TM) 32-bit processor core to their lead Partner,
STMicroelectronics. This latest ARM PrimeXsys Platform technology is being
designed into STMicroelectronics Nomadik(TM) family of multimedia application
processors.
"As an integral part of ST's Nomadik(TM) family of application processors'
evolution, the ARM1176JZF-S PrimeXsys Platform with TrustZone technology will
help ST to continue to offer the highest level of performance and security,"
said Richard Chesson, director of Marketing, Multimedia Platform Unit in ST.
"By combining Nomadik's world-leading multimedia performance with the
ARM1176JZF-S processor's computing power and security features, we can better
deliver the rich multimedia content and experience, as well as application
performance that customers of new mobile services and operators will demand."
The new PrimeXsys Platform has been developed using the AXI(TM) Backplane,
which provides a data-efficient, highly-optimized link from the processor,
through the Level-2 cache and memory controller, to external memory. The
platform also implements ARM TrustZone technology for enhanced security, ARM
Intelligent Energy Manager (IEM) technology for power efficiency, and
CoreSight(TM) technology for easier system debug and faster time-to-market.
The platform is the first reference design for ARM TrustZone technology; a
solution designed to support and meet the needs for enhanced security in
next-generation consumer and wireless devices. TrustZone technology includes
the ARM TrustZone architecture extensions as well as the recently announced
TrustZone software. In the ARM1176JZF-S PrimeXsys Platform, security is
treated as a system-level concern where tight integration of hardware with
trusted software delivers significant benefits in terms of time-to-market and
reduced risk. ARM TrustZone technology helps to protect the operating system,
the protocol stack and the network against attack as well as securing users'
mobile data and downloadable applications, games and media content.
Ongoing consumer demand for increased performance in applications such as
mobile multimedia and digital TV has led to more complex systems and the need
for significant in-system performance gains. Due to these demands, developers
have become far more aware of the power consumption of the processor. The
ARM1176JZF-S processor within the PrimeXsys Platform is the first ARM
processor to integrate support for ARM Intelligent Energy Manager technology,
which increases the battery life of handheld portable devices by optimally
balancing processor workload and power consumption. This enables end users to
take advantage of the latest mobile applications for significantly longer
intervals before their device requires re-charging.
In addition to improved performance, the inclusion of CoreSight technology
for system level debug and trace, equips Partners with system-wide monitoring
and profiling capabilities in one package, reducing system integration time by
up to 40 percent. The technology is ideal for engineers looking to develop
high-performance SoC designs for multimedia, wireless and set-top box
applications.
Verification is one of the biggest investments when developing a SoC and
the PrimeXsys Platform delivers a fully configurable verification environment.
This verification environment provides a mechanism to run concurrent tests to
establish data flow interactions in the PrimeXsys Platform-based SoC system
enabling system designers to complete their high-performance ARM1176JZF-S
processor-based SoC rapidly and with low risk.
"A tightly integrated subsystem around the CPU core fundamentally
determines overall system performance, security and power efficiency," said
Bryan Lawrence, product marketing manager, PrimeXsys Platforms, ARM. "The
ARM1176JZF-S PrimeXsys Platform significantly enhances design productivity
while enabling design teams to customize and differentiate the design for
their specific application and market requirements."
eamonnshute, today's IBM announcement:
http://www-306.ibm.com/common/ssi/rep_ca/7/897/ENUS104-407/ENUS104-407.PDF
24601,
In the case of the Microsoft dividend, any option listed as of the ex-date will be adjusted downward by $3. So, if you have a Dec 30 put, you'll own a Dec 27 put, etc.
vader
nope, in my opinion, no financing is taking place. Wave will wait to see if the Nov 2 expiring options will be exercised.
I would view a Q3 earnings release date prior to the option expiration date, as opposed to the normal 6 weeks after the end of the quarter, as a very positive sign. jmo
Doma,
Isn't this a broadening of their TPM-equipped product line?
Prior to this it was only the Fujitsu S7010 and E8010 (with the 865GME chipset) laptops with TPMs.
weby, I know, I know!! lol e/
Another partner, another conference.......
sorry if already posted
http://www.complianceease.com/about/alliances.jsp
http://www.nantucketconference.com/audience.html
Enterprise Security is Worst Ever
Experts at Etre technology conference say lack of integration is a problem
http://www.snpx.com/cgi-bin/news5.cgi?target=www.newsnow.co.uk/cgi/NGoto/72725373?-2622
By Scarlet Pruitt,
IDG News Service October 12, 2004
CANNES - Despite the number of IT security products and services cramming the market, businesses are more exposed than ever to emerging threats, according to industry experts speaking at the Etre technology conference in Cannes on Tuesday.
"Enterprises are more exposed than a year ago. The hackers have won!" said Eli Barkat, managing director of venture capital firm BRM Capital, who has been involved in investing in security firms.
Barkat cited a lack of innovation in the security industry as why the situation has not improved.
Mike Dalton, president of McAfee Inc. in Europe, the Middle East, and Africa, agreed that the security situation is dire, but said that innovation was not necessarily the roadblock. A major problem is a lack of integration in security products, he said.
And while all the experts predicted further consolidations among security companies, that will not necessarily lead to more comprehensive, integrated products, they said.
"Today the security business is very diverse and very complex," said Phillip Dunkelberger, president and chief executive officer of encryption company PGP Corp. "You have four or five different point solutions and they don't all work together."
Yanki Margalit, president and chief executive of digital rights management provider Aladdin Knowledge Systems Ltd., agreed that enterprises are more exposed than ever, but did not put the blame squarely on security companies' shoulders.
"This is a long-term fight. There are so many threats," Margalit said.
Part of the remedy would be widely available tools that help developers check the security of the applications they are building, commented Barkat, adding that he hopes Microsoft Corp. takes a leading role.
On the subject of the software giant, the experts were divided on the work the company is presently doing on the security front.
"Microsoft is clearly not doing a good job at security. Most people in this room who work in security have their jobs because of Microsoft," said McAfee's Dalton.
Margalit disagreed. "Microsoft is getting its act together. They did a horrible, terrible job (in the past) but now they are serious. I believe that they will be a very strong security player and force the rest of the industry to be niche players," Margalit said.
While the speakers gave no clear direction on the path the industry needs to take to truly alleviate companies' security woes, they did have some words of advice. Invest in integrated security products and avoid security appliances whose architecture changes after a few years, Barkat said.
Forget about white lists, which normally refers to a list of e-mail addresses from which you agree to get mail, thinking they are safe. You will fail if you try to define everything you can do, Margalit said.
"We need to get out of the defense mode and allow companies to go on the offensive," said PGP's Dunkelberger.
Despite the various opinions, on one point at least everyone seemed to agree.
"The existing security situation sucks," Barkat said, to resounding nods from attendees.
The Birth of CyberTrust
Published: 11th October 2004
Author: Robin Bloor
Channel: Information Security
The evolution of new technology markets usually follows a pattern. It begins with a large number of small companies with a variety of products, few of which have significant market share. They compete and through the process of market growth, mergers and company failure a much smaller group of credible vendors emerges. From these a few will be destined to become big players and eventually dominate the market.
It doesn’t always play out like that – it depends on the market – but that scenario is common, and in my view, this is roughly what is happening in the IT security market right now. It is a fast growing market and there are already big players; Cisco, CA, Symantec, Checkpoint, RSA and Network Associates – to name just a few. Neither of course is it a new market, as CA has been in IT security forever, and Symantec and Network Associates have been selling anti-virus for years too.
However the explosive growth of the market is recent, driven by a veritable crisis in IT security. New players appear regularly but M&A activity is also high. It is a kind of mix of an old market and a new market, and one which many companies now have an interest in because of the “compliance” epidemic.
A few weeks ago, Betrusted Holdings and TruSecure Corporation announced a merger, rebranding the merged company under the name CyberTrust. This is interesting for several reasons. First of all the merged entity has about $160 million in annual revenue (1000 employees, 4000 clients), so it is not a small company. Secondly the combination of the companies creates what can claim to be a strategic platform for IT security.
Betrusted contributes Identity Management solutions and brings with it its subsidiary Ubizen, which provides Managed Security Solutions globally and also has specific technology for protecting Web servers. TruSecure provides risk management and compliance products and has a key asset with its intelligence gathering resources, which include ICSA Labs, a leader in information security product certification. The merged company has extensive IT security experience - its CTO, Peter Tippett was the inventor of the world’s first anti-virus product – and a strong consultancy team with experience in many IT security assignments with large companies. The purpose of the merger is, not surprisingly, to create a global IT security company.
Developments like this are a straw in the wind. Identity Management is one of the foundations of IT Security, and will become, in my opinion, a necessary element of any IT Security platform. Antivirus, firewalls, even IDS technology are merely components by comparison. Similarly compliance products, advice and consultancy are strategic and so is the ability to provide a comprehensive managed service.
Of course, how well the merger works remains to be seen. In any event, I’m beginning to believe that the IT security market is maturing and soon it will rationalize into true platform providers, allying themselves with component companies that can plug in complementary products. This is no bad thing. If anything needs to be implemented in a strategic manner it is IT security.
Doma
I don't think so:
http://www.national.com/pf/PC/PC21100.html
The PC21100 includes a CompactRISC embedded RISC core for hidden execution of security code, flash memory-based secured information storage, SecureRun, a performance accelerator that supports cryptographic algorithms (SHA-1 and RSA), and a true RNG.
(Wave mention) Should Your Computer Trust You?
under the section titled "leveraging TPMs"
http://www.epn-online.com/page/15671/should-your-computer-trust-you----an-insight-on-the-meaning-of-...
An insight on the meaning of trusted computing platforms
Trusted computing platforms
October 2004
In 1999, Compaq, HP, IBM, Intel and Microsoft initiated an industry standards body, now known as the Trusted Computing Group (TCG at www.trustedcomputinggroup.org), dedicated to enhancing the security of the computing environment across multiple platforms and devices. The TCG now comprises over 50 members, implementing so-called trusted computing platforms (TCP) either in discrete hardware or embedding IP blocks within processor chips. One key objective of building TCP modules is to prevent identity theft from both external software attack and physical theft, protecting passwords and keys. Another strong point of TCP implementations is the capability to validate a machine's original configuration before it allows any transactions, hence securing data access and enabling online commerce transactions. The basic idea behind a Trusted Platform Module (TPM) is to offer shielded locations in hardware (memory, register, etc.) where it is safe to operate on sensitive data. These locations protect a unique Endorsement Key (EK, 2048-bits long) that can be generated by the TPM manufacturer on the wafer or done by the OEM, and from which can be derived several Attestation Identity Keys for accessing different services under different identities (all this managed by the user), effectively creating the basis for a public key infrastructure. The TPM also protects encrypted integrity measurements about the computer platform, known as Platform Configuration Registers (PCRs). This encrypted data is used as a fingerprint of the hardware and software configuration data.
Who do you want to trust?
So not only is the platform identified, but it is also checked to be running in the appropriate configuration, hence preventing software-based attacks (these would change the hashed value of the integrity measurements). But then, the number of permutations for devices, services, hardware/software/firmware versions, is too large to be completely defined at all times. At corporate level, this may be solved by strict policy and control, or by stage measurements and updates, ensuring that certain software is properly running and updated before granting a machine access to sensitive network resources. But for consumers who are not backed up by an IT department, and who subscribe to different services whose providers implement TPM security, keeping the PCRs up to date may prove quite a challenge. Indeed, if paid services require a specific configuration, and the user changes this configuration (either knowingly or not, maybe due to shared-component issues, and not necessarily due to a virus attack), then they should be denied access to those services. In order to re-qualify for the service, the user will need to undo the changes, or reinstall the affected software components. Of course, finding the fault may not be obvious and no one wants to take the blame. This may raise some conflicts of interest too, say between different content providers requiring exclusive platform configurations to offer their services. Well, if a TPM-based system denies a valid user access for too trivial a reason too often, it will be rejected. In fact, the TPM must be enabled by the owner, and it can be turned off (giving up on the whole idea altogether). Many computers if not most new ones are already shipping with TPMs mounted, with little user awareness so far. Economics will tell what's worth protecting first, the user's interests, or the service provider's.
Some specifications for TPMs
TCG 1.1 specifications require that private key data never leaves the TPM, which can't be removed or swapped without triggering a status change. The module should have the capability to implement all TPM commands, with an internal math engine to accelerate asymmetric key generation, encryption, decryption, hashing (SHA-1) for measurement values, and Random Number Generation (RNG). It must be built with tamper resistance to prevent physical attacks that might reveal TPM or user secrets. Again, the TPM does not measure, monitor or control anything, it only stores encrypted measurement values. The platform owner (typically the IT department) controls the TPM and must opt-in using initialization and management functions. The Trusted Computing Group also released Software Stack (TSS) specifications, that define a standard software interface for accessing TPM functions and facilitate application development and interoperability across platforms.
Current offerings
Betting on a discrete solution, STMicroelectronics announced a single-chip Trusted Platform Module meeting the current TCG 1.2 specification. The ST19WP18-TPM is based on an 8-bit CPU architecture with an embedded set of memories (ROM, RAM & EEPROM NVM) and security features. A 1088-bit arithmetic processor speeds up cryptographic calculations using Public Key Algorithms. Packaged in a TSSOP28, the module includes software layers to support Windows 2000/XP OS drivers, and Memory Absent and Memory Present BIOS drivers. Other software modules are under development, complying with the TSS specification.
National Semiconductor just announced the PC8374T Desktop Trusted I/O device, a discrete solution that integrates a Trusted Platform Module within a Super I/O chip, together with embedded firmware to implement industry-standard TCG 1.1b compliant security functions. Based on the company's embedded 16-bit CompactRISC core technology for hidden execution of security code, the chip also features flash memory-based secured information storage, SecureRun, a performance accelerator that supports cryptographic algorithms (SHA-1 and RSA), and a true RNG. It mounts on the low pin count (LPC) bus.
Infineon is also in the game with the SLD 9630 TPM chip, based on its 66P secure controller family. Compliant to TCG 1.1b specification, the chip offers active shielding against physical attacks, as well as frequency and temperature sensors. To facilitate integration into customer platforms, the company provides firmware which runs on the secure controller, the TCG Software Stack, and support for integration into the customer's own BIOS.
When launching the AT97SC3201 TPM chip, Atmel emphasized how authenticated identity can be extended to the BIOS, operating system and the catalogue of registered programs to protect from worms and viruses. If a computer's BIOS and OS only allow execution of programs whose measurements match the values found in the measurement catalogue protected by the TPM, neither worms nor viruses could ever execute. The TCG 1.1b-compliant chip integrates a low power RISC processor, 500ms 2048-bit RSA crypto accelerator, true random number generator, secure EEPROM storage for 20 public/private keys, SRAM, timer, real-time clock, LPC interface to Intel processors, and tamper prevention circuitry that disables the chip if someone tries to read its contents. The modules include drivers for Windows 98, 2000, XP, and NT 4.0 operating systems; as well as MAD and MPD BIOS drivers. What's more, the company extends trusted computing to embedded systems, by also making the AT97SC3201S mountable on the SMBus, into a 6x6mm package. This makes it possible to TPM-enable systems such as voting machines, industrial computers, or gaming systems.
Embedded security
Because the security profile in the TCG specifications requires TPMs to be tamper-proof, specific design methodologies are necessary, that make the integration of TPMs into existing processor chips difficult (not cost effective, not performance optimised). And even though the Endorsement Keys generated within the TPMs never leave the module and cannot be tracked, chip manufacturers trying to integrate TPM hardware into their dies would raise suspicion from the public. But for the mobile consumer devices, where low footprint is critical, TPM-like solutions are directly integrated into the mobile processor.
Targeting ARM-based mobile phones, PDAs, set top boxes or other systems running open Operating Systems, ARM's TrustZone technology is implemented within the microprocessor core itself, enabling the protection of on and off-chip memory and peripherals. A Monitor mode within the core acts as a gatekeeper to identify secure code and reliably switch the system between secure and non-secure states. When the monitor switches the system to the secure state, the processor core gains additional levels of privilege to run trusted code, and to handle tasks such as authentication, signature manipulation and the processing of secure transactions. The company explains that TrustZone technology tags and partitions secure code and data within the system, and maintains a clear, hardware separation between secure and non-secure information. A bit like having an integrated TPM (except it doesn't qualify as such), TrustZone can enable security through integrity checking for all the features within a SoC device.
Also designed for the mobile market, SafeNet launched the SafeZone trusted mobile computing IP core, a licensable IP implementation of the TCG's TPM designed for small footprint and low power. It includes all the basic functions and design necessary to implement a trusted-mode processor, including modules for a secure real-time clock, true random number generation, public key operations, encryption/decryption, authentication, and secure key storage. It replaces a standalone TPM chip or WAP WIM Smart Card.
Leveraging TPMs
Accessing functions of the TPM is accomplished through the TCG software stack, complying to the Public-Key Cryptography Standard (PKCS#11) and Microsoft Crypto Application Library (MSCAPI) cryptographic protocols. Software development tools are available that aim at simplifying the integration of TPM's authentication capability with vendors' operating systems and firmware.
Addressing the need for independent software vendors to deal with the trusted computing market, Wave Systems announced a Cryptographic Service Provider (CSP), the EMBASSY Trust Suite, that allows a software developer to write a hardware-based cryptographic program that will run on any TCG-compliant trusted platform module. CSP, an application developer, enables TPM-based security through the standard MSCAPI interface without needing to understand vendor-specific requirements regarding the TCG Software Stack (TSS).
The NTRU Core TCG Software Stack (CTSS) Version 1.0 provides the essential core interface and security services framework for any application or platform that relies on TPM. It is designed in accordance with TCG specifications for a standard version 1.1 TSS and is enhanced with strong, standards compliant cryptographic libraries. The CTSS provides a set of software components that allow applications running under various operating systems to take advantage of the platform's 1.1b compliant TPM in a coordinated, consistent, and portable manner.
Optimised for the Intel Wireless Trusted Platform security co-processor, Certicom just launched a comprehensive security platform for mobile handset development. Dubbed the Certicom Security Architecture for Mobility, the solution combines several toolkits that enable device manufacturers to cost-effectively embed security across multiple devices. These include a cross-platform cryptographic toolkit; a FIPS 140-2 validated cryptographic module; a digital certificate management toolkit; a complete secure sockets layer toolkit; and a client-side virtual private network toolkit. Each toolkit is accessed via the Security Builder Middleware that provides portable hardware-based security across multiple devices and processors. This hardware abstraction layer works with Security Builder API that places a single, intuitive API between the application or operating system and the strongest and/or fastest cryptographic provider. This results in a common security architecture allowing software vendors and device manufacturers to quickly enable hardware-optimised security across multiple platforms.
Phoenix offers its cME TrustedCore software suite, a visual development environment that provides built-in device security and a secure console-managed environment supporting system recovery applications from the company and certified third-party providers. The built-in device authentication creates a "chain of trust" architecture that integrates with common enterprise standards for network system management and security. This combines with cME TrustConnector, a Crypto Service Provider application.
IBM's Rapid Restore, Intel's Lagrande Technology, Microsoft's Next-Generation Secure Computing Base, or HP's ProtectTools are some of the security enhancement applications that would typically leverage and expand on the unique hardware security features offered by a TPM-enabled motherboard.
ARM
110 Fulbourn Road
Cherry Hinton
CB1 9NJ Cambridge
United Kingdom
Certicom Corporation
5520 Explorer Drive, 4th Floor
L4W 5L1 Mississauga
Canada
tel: +1-9055013785
fax: +1-905-507-4230
Infineon Technologies AG De
St Martin Strasse 53
81669 München
Germany
tel: +49-(089)63621475
fax: +49-(49)08923422763
Atmel
3 Avenue du Centre
78054 St.Quentin/Yvelines
France
tel: +33-(1)30607000
fax: +33-(1)30607111
National Semiconductor
Livry-Gargan-Straße 10
82256 Fürstenfeldbruck
Germany
tel: +49-(08141)350
fax: +49-(08141)351515
SafeNet, Inc
4690 Millennium Drive
MD 21017 Belcamp,
U S A
tel: +1-443 327-1238
fax: +1-410-931-7524
STMicroelectronics
Technoparc du Pays de Gex
165 rue Edouard Branly
1637 St-Genis-Pouilly
France
tel: +33-(4)50402540
fax: +33-(4)50402860
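The PCR mechanism described in the article above, as an added example that is not part of the original post or any vendor's code: a TCG 1.1b/1.2-style PCR is extended as SHA1(old PCR || measurement), so one changed component alters the final value, and a verifier replays the event log to find which measurement no longer matches its catalogue. The component names, contents and catalogue are constructed, and the signing of the reported PCR with an Attestation Identity Key is left out.

```python
import hashlib

PCR_SIZE = 20  # SHA-1 digest length; SHA-1 is the hash the article names


def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


def measure_boot(components):
    """Measure each (name, blob) in boot order and extend a single PCR.

    Returns the final PCR value and the event log of (name, digest) pairs.
    """
    pcr = bytes(PCR_SIZE)          # a PCR starts at all zeros after reset
    log = []
    for name, blob in components:
        digest = sha1(blob)        # the measurement of this component
        pcr = sha1(pcr + digest)   # extend: new = SHA1(old || measurement)
        log.append((name, digest))
    return pcr, log


def replay(log):
    """Recompute the PCR from an event log, as a verifier would."""
    pcr = bytes(PCR_SIZE)
    for _name, digest in log:
        pcr = sha1(pcr + digest)
    return pcr


def verify(reported_pcr, log, catalogue):
    """Check a reported PCR against its log and a catalogue of known-good digests.

    The log is trusted only if replaying it reproduces the reported PCR.
    Returns (ok, reason).
    """
    if replay(log) != reported_pcr:
        return False, "event log does not match PCR"
    for name, digest in log:
        if catalogue.get(name) != digest:
            return False, f"unexpected measurement for {name}"
    if [name for name, _ in log] != list(catalogue):
        return False, "components missing or out of order"
    return True, "configuration matches catalogue"


# Constructed sample boot chain (names and contents are made up).
GOOD = [("bios", b"BIOS v1.0"), ("os-loader", b"loader 5.1"), ("kernel", b"kernel 2.6")]
GOOD_PCR, GOOD_LOG = measure_boot(GOOD)
CATALOGUE = dict(GOOD_LOG)  # known-good digests, in boot order

# Same chain with one component changed, whether by an update or by malware.
CHANGED = [GOOD[0], ("os-loader", b"loader 5.2"), GOOD[2]]
CHANGED_PCR, CHANGED_LOG = measure_boot(CHANGED)

if __name__ == "__main__":
    print("good   :", GOOD_PCR.hex(), verify(GOOD_PCR, GOOD_LOG, CATALOGUE))
    print("changed:", CHANGED_PCR.hex(), verify(CHANGED_PCR, CHANGED_LOG, CATALOGUE))
    # Presenting the old log alongside the new PCR fails the replay check.
    print("forged :", verify(CHANGED_PCR, GOOD_LOG, CATALOGUE))
```

The verifier cannot tell a legitimate update from tampering: both produce an unknown digest, which is the re-qualification problem the article raises for consumers without an IT department.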